Jump to content
Sign in to follow this  
itman

Does Eset Detect S5Mark As UA,PUA, or Malware?

Recommended Posts

Posted (edited)

Bitdefender recently published a whitepaper on Zacinlo malware which can be downloaded from here: https://labs.bitdefender.com/wp-content/uploads/downloads/six-years-and-counting-inside-the-complex-zacinlo-ad-fraud-operation/ .

Besides deploying a rootkit in the form of a validily signed device driver, the signing cert. now thankfully revoked, one of  Zacinlo malware components was s5Mark, a fake VPN utility. Appears s5Mark has been around for some time. Using the hashes for s5Mark provided in the whitepaper, I noticed that Eset per VirusTotal lookup did not detect any of its components; even the installer. I don't want to make a big deal about the VT non-detection since we have discussed that might not be fully representative of Eset's detection capability. However, I would like to know if Eset is flagging s5Mark as at least a UA/PUA since it has been deployed in other malware incidents.

s5Mark Hashes

51960b69f4a7c96af835ec71057b86be945983ed

4ddbbcebc348eb9f6a79886d01e4ee270018f259

5ee4ebf7e423e3e143cd286b048c04372c606bca

00caa31ec14bd478e70583f6f41c6a685629d9ee

a3b68f42db720583aa9a8f704b172c944ad96627

867515f594b589ac311508e7b5dc369ece04624a

615f2e8e9a4bb7ba9d4eb06d11834060a741adc2

Edited by itman

Share this post


Link to post
Share on other sites
Posted (edited)

I will also add that the "adware" version of s5Mark that surfaced last year employed a SmartService component used to disable AV processing. This version of SmartService; i.e. file hash -  1d4236b3c446c1ab86c577615cc52d4edc99bf5b4077cd93e6cd37b90d6991a0, was deployed through a separate installer which Eset detects.

It appears that this latest malware "weaponized' version of s5Mark no longer deploys a separate installer for SmartService but instead installs its components via the s5Mark installer.

Edited by itman

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×